This book is a guide for network professionals to understand real-world information security scenarios. It offers a systematic approach to prepare for security assessments including process security audits, technical security audits and penetration tests. This book aims at training preemptive security to network professionals in order to improve their understanding of security infrastructure and policies. With our network being exposed to a whole plethora of security threats, all technical and Non-Technical people are expected to be aware of security processes. Every security assessment (technical/ Non-Technical) leads to new findings and the cycle continues after every Audit. This book explains the auditor’s process and expectations and also helps an organisation prepare for any type of Audit and minimise security findings. It follows a life cycle approach to information security by understanding: why we need information security how we can implement how to operate securely and maintain a secure posture how to face audits contents - basics of information security - threat paradigm - information security controls - decoding policies standards procedures & guidelines - network security design - know your assets - implementing network security - secure change management - vulnerability and risk management - access control - capacity management - log management - network monitoring - information security Audit - technical compliance Audit - penetration testing.